njrat | 9f651ae6ea538238748614a7f86fe2b0f76e881d6c38da581f284e4b6f79b0ca

Sharing

Copy URL

Twitter E-mail

General

Target

9f651ae6ea538238748614a7f86fe2b0f76e881d6c38da581f284e4b6f79b0ca
Size

3.3MB
MD5

be6098d5806e306c115c4ecae0e79049
SHA1

46a5b8c8132a8f619ab7fcd5494091c727d9d0f1
SHA256

9f651ae6ea538238748614a7f86fe2b0f76e881d6c38da581f284e4b6f79b0ca
SHA512

6d9bb5390c66c58cba7f63000bc0d26d52fa28121c23f6da5f0bb3a3e16d4b868ef09a917a3a7ffc01c57cac768b73e1874e166b18316952ab5f5d7d99700a9c
SSDEEP

98304:5M7M5FcZFFlrTBu5lAy/hDNTLqdrLLo9qF:i7M5uZ945lzTfgLLo90

Score

10^/10

pdf link hacked macro macro_on_action njrat

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

supernovaswag.ignorelist.com:5552

sooosoo45.publicvm.com:1111

Mutex

d0f93c61091a2240aa3fd0d7912b4f59

Attributes

reg_key
d0f93c61091a2240aa3fd0d7912b4f59
splitter
|'|'|

Signatures

Njrat family
njrat

Office macro that triggers on suspicious action 1 IoCs

Office document macro which triggers in special circumstances - often malicious.

macro macro_on_action

Processes:

resource	yara_rule
static1/unpack001/01/2015.5.27/18.vir	office_macro_on_action

Suspicious Office macro 1 IoCs

Office document equipped with macros.

macro

Processes:

resource	yara_rule
static1/unpack001/01/2015.5.27/18.vir	office_macros

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Files

9f651ae6ea538238748614a7f86fe2b0f76e881d6c38da581f284e4b6f79b0ca
.zip
01/2015.5.27/01.vir
01/2015.5.27/02.vir
.zip
PER-DCOMP-Intimacao.cpl
.dll windows x86

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

CPlApplet

Sections

CODE
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 7KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
01/2015.5.27/03.vir
.exe windows x86

53dbb427d4fc9e9527dfdd72661dae65

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

shlwapi

SHAutoComplete

kernel32

CreateDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
GetModuleFileNameW
FindResourceW
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcessId
GetLocaleInfoW
GetNumberFormatW
ExpandEnvironmentStringsW
WaitForSingleObject
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetExitCodeProcess
GetTempPathW
MoveFileExW
Sleep
UnmapViewOfFile
MapViewOfFile
GetCommandLineW
CreateFileMappingW
GetTickCount
SetEnvironmentVariableW
OpenFileMappingW
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
LocalFileTimeToFileTime
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
IsDBCSLeadByte
GetCPInfo
GlobalAlloc
SetCurrentDirectoryW
DeleteFileW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleHandleA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
HeapSize
GetModuleFileNameA
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MoveFileW
SetFileAttributesW
GetFileAttributesW
FlushFileBuffers
SetFileTime
ReadFile
GetFileType
SetEndOfFile
SetFilePointer
GetStdHandle
CloseHandle
WriteFile
CreateFileW
SetLastError
GetLastError
CreateFileA
WriteConsoleW
VirtualFree
HeapCreate
GetStartupInfoA
GetCommandLineA
GetSystemTimeAsFileTime
HeapAlloc
HeapReAlloc
RaiseException
RtlUnwind
HeapFree

user32

EnableWindow
GetDlgItem
PostMessageW
ShowWindow
GetDC
ReleaseDC
FindWindowExW
GetParent
MapWindowPoints
CreateWindowExW
UpdateWindow
LoadCursorW
RegisterClassExW
DestroyWindow
CopyRect
IsWindow
OemToCharBuffA
LoadIconW
LoadBitmapW
DefWindowProcW
GetSysColor
SetForegroundWindow
MessageBoxW
WaitForInputIdle
IsWindowVisible
DialogBoxParamW
DestroyIcon
SetFocus
GetClassNameW
SendDlgItemMessageW
EndDialog
GetDlgItemTextW
SetDlgItemTextW
wvsprintfW
SendMessageW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadStringW
GetWindowRect
GetClientRect
SetWindowPos
GetWindowTextW
SetWindowTextW
GetSystemMetrics
GetWindow
GetWindowLongW
SetWindowLongW

gdi32

GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
StretchBlt
DeleteDC
GetObjectW
DeleteObject
CreateDIBSection

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderW
SHFileOperationW
SHGetFileInfoW
SHGetPathFromIDListW
SHChangeNotify
ShellExecuteExW

ole32

OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CoCreateInstance
OleUninitialize

oleaut32

VariantInit

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
01/2015.5.27/04.vir
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 10KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 174KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 907KB - Virtual size: 912KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
01/2015.5.27/05.vir
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
01/2015.5.27/06.vir
01/2015.5.27/07.vir
.exe windows x86

419a575654b12fd46656186b46dd81f1

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoInitialize
CoTaskMemFree
CoCreateInstance

shell32

SHGetPathFromIDListA
SHGetSpecialFolderPathA
SHGetSpecialFolderLocation

imagehlp

MapFileAndCheckSumA

user32

BeginPaint
DefWindowProcA
DestroyWindow
DialogBoxParamA
UpdateWindow
ShowWindow
CreateWindowExA
EndPaint
LoadCursorA
LoadIconA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
LoadStringA
PostQuitMessage
EndDialog
wsprintfA
RegisterClassExA

kernel32

FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
RtlUnwind
HeapReAlloc
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
LoadLibraryA
FreeLibrary
CreateThread
IsDebuggerPresent
GetModuleHandleA
GetProcAddress
GetCurrentProcess
GetStartupInfoA
VirtualAlloc
VirtualFree
ExitProcess
Sleep
SetUnhandledExceptionFilter
GetLastError
CreateFileA
SetFilePointer
ReadFile
CloseHandle
GetTempPathA
GetSystemTime
DeleteFileA
WriteFile
GetTickCount
GetFileSize
MultiByteToWideChar
GetModuleHandleW
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapAlloc
RaiseException
HeapFree
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
01/2015.5.27/08.vir
01/2015.5.27/09.vir
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
01/2015.5.27/10.vir
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
01/2015.5.27/11.vir
.doc .vbs windows office2003
01/2015.5.27/12.vir
.pdf
01/2015.5.27/13.vir
.pdf
- http://em-maq.com/B31zYtUwrmOj
01/2015.5.27/14.vir
.exe windows x86

ffca4b8182ebb8822b4187a5e1e23e14

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

shlwapi

SHAutoComplete

kernel32

FindClose
FindNextFileW
FindFirstFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
GetModuleFileNameW
FindResourceW
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcessId
GetLocaleInfoW
GetNumberFormatW
ExpandEnvironmentStringsW
WaitForSingleObject
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetExitCodeProcess
GetTempPathW
MoveFileExW
Sleep
UnmapViewOfFile
MapViewOfFile
GetCommandLineW
CreateFileMappingW
GetTickCount
SetEnvironmentVariableW
OpenFileMappingW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateThread
GetProcessAffinityMask
CreateEventW
CreateSemaphoreW
ReleaseSemaphore
ResetEvent
SetEvent
SetThreadPriority
SystemTimeToFileTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
LocalFileTimeToFileTime
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
SetFileTime
SetFileAttributesW
GlobalAlloc
SetCurrentDirectoryW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleHandleA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
ExitProcess
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
HeapCreate
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileAttributesW
FlushFileBuffers
ReadFile
GetFileType
SetEndOfFile
SetFilePointer
WriteFile
GetStdHandle
GetLongPathNameW
GetShortPathNameW
GetCPInfo
MoveFileW
CreateFileW
CreateDirectoryW
DeviceIoControl
RemoveDirectoryW
DeleteFileW
CreateHardLinkW
GetCurrentProcess
CloseHandle
SetLastError
GetLastError
CreateFileA
IsDBCSLeadByte
GetCommandLineA
RaiseException
GetSystemTimeAsFileTime
HeapAlloc
HeapReAlloc
HeapFree
RtlUnwind

user32

EnableWindow
GetDlgItem
ShowWindow
SetWindowLongW
GetDC
ReleaseDC
FindWindowExW
GetParent
MapWindowPoints
CreateWindowExW
UpdateWindow
LoadCursorW
RegisterClassExW
DefWindowProcW
DestroyWindow
CopyRect
IsWindow
LoadIconW
LoadBitmapW
PostMessageW
GetSysColor
SetForegroundWindow
MessageBoxW
WaitForInputIdle
IsWindowVisible
DialogBoxParamW
DestroyIcon
SetFocus
GetClassNameW
SendDlgItemMessageW
EndDialog
GetDlgItemTextW
SetDlgItemTextW
wvsprintfW
SendMessageW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadStringW
GetWindowRect
GetClientRect
SetWindowPos
GetWindowTextW
SetWindowTextW
GetSystemMetrics
GetWindow
GetWindowLongW
OemToCharBuffA

gdi32

GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
StretchBlt
DeleteDC
GetObjectW
DeleteObject
CreateDIBSection

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetFileInfoW
ShellExecuteExW
SHChangeNotify
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW

ole32

CLSIDFromString
CoCreateInstance
OleInitialize
OleUninitialize
CreateStreamOnHGlobal

oleaut32

VariantInit

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
01/2015.5.27/15.vir
.dll windows x86

82599808f5dc1667384df6e7891cf0b0

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
MultiByteToWideChar
GetSystemTime
EnterCriticalSection
TerminateThread
CloseHandle
LeaveCriticalSection
CreateEventW
WaitForSingleObject
SetEvent
SetErrorMode
LoadLibraryW
GetSystemInfo
GetVersionExW
WriteConsoleW
VirtualAlloc
VirtualFree
GetCurrentProcess
GetTickCount
InitializeCriticalSectionAndSpinCount
GetProcAddress
GetModuleFileNameA
GetConsoleOutputCP
WriteConsoleA
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
CreateFileA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LoadLibraryA
HeapAlloc
ExitThread
GetCurrentThreadId
GetLastError
CreateThread
HeapFree
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
HeapReAlloc
HeapCreate
HeapDestroy
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
RaiseException
HeapSize
RtlUnwind
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime

user32

wsprintfW
GetSystemMetrics

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetUserNameA

wininet

InternetWriteFile
InternetCloseHandle
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
InternetSetOptionW
InternetQueryOptionW
HttpSendRequestExW
InternetReadFile

ws2_32

WSACleanup
gethostbyname
gethostname
inet_ntoa
inet_addr
htons
socket
setsockopt
connect
closesocket
send
recv
sendto
recvfrom
WSAStartup

Exports

Exports

aaaaaaaaaaaaaaaa

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
01/2015.5.27/16.vir
.rtf .vir
01/2015.5.27/17.vir
.pdf
01/2015.5.27/18.vir
.doc .vir windows office2003

ThisDocument

NewMacros

Sharing

General

Malware Config

Extracted

Signatures

Files

Code Sign

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 147KB - Virtual size: 147KB

DATA Size: 5KB - Virtual size: 5KB

BSS Size: - Virtual size: 7KB

.idata Size: 4KB - Virtual size: 3KB

.edata Size: 512B - Virtual size: 72B

.reloc Size: 12KB - Virtual size: 12KB

.rsrc Size: 11KB - Virtual size: 11KB

53dbb427d4fc9e9527dfdd72661dae65

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 112KB - Virtual size: 111KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 5KB - Virtual size: 187KB

.rsrc Size: 102KB - Virtual size: 101KB

Code Sign

Headers

DLL Characteristics

File Characteristics

Sections

Size: 10KB - Virtual size: 24KB

Size: 512B - Virtual size: 8KB

Size: - Virtual size: 8KB

Size: 512B - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 8KB

Size: 174KB - Virtual size: 2.5MB

.data Size: 907KB - Virtual size: 912KB

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 21KB - Virtual size: 21KB

.rsrc Size: 1024B - Virtual size: 576B

.reloc Size: 512B - Virtual size: 12B

419a575654b12fd46656186b46dd81f1

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

ole32

shell32

imagehlp

user32

kernel32

Sections

.text Size: 43KB - Virtual size: 42KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 48KB - Virtual size: 48KB

.reloc Size: 71KB - Virtual size: 70KB

f34d5f2d4577ed6d9ceec516c1f5a744

CODE
Size: 147KB - Virtual size: 147KB

DATA
Size: 5KB - Virtual size: 5KB

BSS
Size: - Virtual size: 7KB

.idata
Size: 4KB - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 72B

.reloc
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 11KB - Virtual size: 11KB

.text
Size: 112KB - Virtual size: 111KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 5KB - Virtual size: 187KB

.rsrc
Size: 102KB - Virtual size: 101KB

.rsrc
Size: 2KB - Virtual size: 8KB

.data
Size: 907KB - Virtual size: 912KB

.text
Size: 21KB - Virtual size: 21KB

.rsrc
Size: 1024B - Virtual size: 576B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 43KB - Virtual size: 42KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 48KB - Virtual size: 48KB

.reloc
Size: 71KB - Virtual size: 70KB

.text
Size: 26KB - Virtual size: 26KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 21KB - Virtual size: 21KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 162KB - Virtual size: 161KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 5KB - Virtual size: 134KB

.rsrc
Size: 115KB - Virtual size: 115KB

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 5KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 7KB - Virtual size: 6KB